LastPass has just released a patch for a bug that could let malicious sites extract passwords through the service's browser extension.
Fortunately, Google Project Zero researcher Tavis Ormandy discovered the bug and promptly informed the company about the risks.
According to a ZDNet report, LastPass developed a patch to keep the bug from spreading further. The fix was deployed as an automatic update to all browsers, so by updating to the latest version, you'll be safe.
According to LastPass, only the Opera and Chrome browsers were affected by the bug. However, the bug was patched in version 4.33.0 for all browsers, just to be safe.
Ferenc Kun, Security Engineering Manager at LastPass, confirmed that the exploit relied on a user visiting a malicious website and being tricked into clicking on the page numerous times.
Since password managers can still be compromised by security problems, two-factor authentication might be a good idea.